undefined | Better HN

0 pointsscriptkiddy8y ago0 comments

Cert renewal can be automated the same way letsencrypt does it for instance.

0 comments

Let's Encrypt validates during each renewal if the server still controls the DNS and/or HTTP endpoint. The point of the limited duration is to ensure that an attacker who got a copy of the certificate, but who doesn't control the DNS or HTTP endpoint, can't keep using it for long.

In this case, I don't see any automated check that can verify that the client trying to renew the cert is the original device, so there's no point in limiting the lifetime of the certificate, unless you send a person to do that verification manually.

scriptkiddyOP8y ago

That is an interesting limitation. I'm sure there is some way to get around it. However, I'm not a network security expert. I just thought using SSL certs for authentication was an interesting idea.

j / k navigate · click thread line to collapse

0 comments

icebraining8y ago

scriptkiddyOP8y ago

That is an interesting limitation. I'm sure there is some way to get around it. However, I'm not a network security expert. I just thought using SSL certs for authentication was an interesting idea.

j / k navigate · click thread line to collapse